Nursery webcam accessed by stranger to speak to parent and child

In the last couple years, I’ve often spoken about the issue with manufacturers giving almost anything Internet access – and why I think in some cases it’s a bad idea.

Today comes another story that demonstrates why such features need to be carefully considered.

Global News has reported that an Internet-enabled camera used to monitor a nursery activated while a parent rocked their child to sleep.

Police said that the camera’s built-in speaker played music and a voice could be heard, telling the parent and child that they were being watched.

An investigation into how this happened discovered that the home’s router had been hacked.

Unfortunately, there isn’t any information on how the router was hacked.

Default settings

As I’m not a parent, I’m not exactly in a position to comment on the modern-world’s need for an Internet enabled nanny-cam. I will, however, comment on Internet-enabled devices in the home.

Fridges, microwaves and even toilets are now regularly built with Internet-enabled functionality. With the Internet of Things ramping up, there are generally valid reasons for this. My issue is that a large proportion of these devices are shipped with default usernames and passwords to make it easy for the customer to set up, which is fine.

But who actually goes through and changes default settings? I don’t have the numbers, but I’d assume very few. By not changing the default login credentials for their devices, people are leaving them vulnerable to compromise.

Who’s to blame?

It’s certainly a debatable subject. I wouldn’t expect my over-70s grandparents to know how to change the default password on their Internet-enabled toilet (no, they don’t have one), but I also wouldn’t expect the manufacturer to hold their hand while they change it.

I’m keen to know who you think should take responsibility – leave your comments below.

My suggestion, which may or may not be supported by others, is that default credentials should not exist. Make the customer create their own credentials, and it’s up to them how secure they make them.

About The Author

Lewis is the social media marketing executive at IT Governance. He writes about the latest news in the information security industry as well as many other IT Governance topics.

5 Comments

AnithaJuly 29, 2015

I believe it is manufacturer’s responsibility to build such products which enforces the customers to change the password after first login and the products should be built to accept strong passwords and convenient process to get the password re-set in secured manner

Dereck CowsillJuly 27, 2015

Could talk all day about this. Firstly, any household that is going to connect a router to a network should be briefed on the basics of cyber security, call it an awareness session. This should be the responsibility of the network provider – why would you want someone who is insecure connecting to your network? Secondly, this briefing session should contain details of why & how to change the default credentials. I can understand why they are shipped, but as Preston says, they should be forced to change them before they can access the network, a policy could be embedded into the router’s software to enforce this. These two points are basic cyber hygiene.

When I bought my first motorbike in the 1970’s, I was able to buy the machine and take it straight on the road after a few cursory pointers by the dealer (if you bought it privately there were no such pointers), potentially becoming a danger to yourself and other road users. Now you are not allowed to take a bike on the road without having taken a CBT course to prove you are capable of not being a danger. This is essential to ensure you and others remain safe. Why not with Cyber security?

Lewis MorganJuly 27, 2015

All very good points Dereck and I agree. A phrase that I think we are having to say far too often “Why not with Cyber security?”

May I proffer, that it’s the responsibility of manufacturers and installers to ensure that any Internet device is brought to the attention off the customer. Thereafter, I then suggest it’s the customers responsibility thereafter.

Social Media

Write for us

IT Governance is looking to publish relevant, well-written, informative and original articles. If you have an article that meets these criteria,
then please send it in.